If the server holding the T-Mobile files was subject to fewer security protections than the full Experian credit reporting database, why? If it was subject to the same protections as the credit reporting server, doesn’t this raise the troubling possibility that the server holding highly sensitive credit and personal information of over 200 million Americans is vulnerable to a data hack by identity thieves?

Since credit monitoring, which has been offered to victims by the firms, doesn't stop new account identity theft, Is there any authority for the CFPB to require the nationwide CRAs to provide free security freezes to affected consumers?"

-30-

Here is a link to PIRG's original statement on the breach, which includes identity theft tips and more information on the security freeze.